Android Web Browser is prone to an unspecified remote code-execution vulnerability.
Successful exploits allow attackers to execute arbitrary code in the context of the browser. Note that attackers can exploit this issue to compromise only the browser, which may result in information-disclosure attacks.
Reportedly, this issue stems from an older vulnerability in one of the third-party packages used by Android. No further details are currently available. We will update or retire this BID when more information emerges.
NOTE: The HTC T-Mobile G1 phone ships with a vulnerable version of Android and is also affected by this issue.
The researchers who reported this issue have developed a working exploit. This exploit is not publicly available or known to be circulating in the wild.
Reportedly the issue has been fixed in the open-source version of the application. Symantec was unable to confirm this information.